Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-5352 ACL improvements
  3. HBASE-6292

Compact can skip the security access control

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.94.0, 0.94.1, 0.95.2
    • Fix Version/s: 0.94.1, 0.95.0
    • Component/s: security
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      When client sends compact command to rs, the rs just create a CompactionRequest, and then put it into the thread pool to process the CompactionRequest. And when the region do the compact, it uses the rs's ugi to process the compact, so the compact can successfully done.

      Example:

      user "mapred" do not have permission "Admin",

      hbase(main):001:0> user_permission 'Security'
      User                                Table,Family,Qualifier:Permission                                                                      
       mapred                             Security,f1,c1: [Permission: actions=READ,WRITE] 
      
      hbase(main):004:0> put 'Security', 'r6', 'f1:c1', 'v9'
      0 row(s) in 0.0590 seconds
      
      hbase(main):005:0> put 'Security', 'r6', 'f1:c1', 'v10'
      0 row(s) in 0.0040 seconds
      
      hbase(main):006:0> compact 'Security'
      0 row(s) in 0.0260 seconds
      

      Maybe we can add permission check in the preCompactSelection() ?

        Attachments

          Activity

            People

            • Assignee:
              xingshi ShiXing
              Reporter:
              xingshi ShiXing
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: